Infection of electronic devices through malware is a serious threat that everyone faces with their mobile phones, tablets, PC, and so on. However, according to a recent study, almost 36.5 million Android phone users were already infected with the virus known as Judy. The programs, through which this malware get incorporated into the users’ device, generate fake ad clicks, which in turn produce revenue for the developers.
What is Judy malware?
Security firm Check Point tested for the Judy malware and found that 41 apps developed by the Korean Keniwini company, which published them under the name ENISTUDIO.
Corp were infected. The programs generate a large number of fraudulent clicks on advertisements that generate an enormous amount of revenue. Check Point revealed that this might be the biggest malware operation to have been discovered in the Play Store.
How the malware affects a user's phone
When a user downloads and installs a malicious app, the malware infects the device but stays inactive. After the program itself is accessed, the malware uses the user’s connection to establish a link with the Command and Control server, which is the developer’s own server. This app then redirects and keeps opening external web pages. Once the targeted website is launched, the Judy virus uses the JavaScript code to locate and click on banners from the Google ads infrastructure.
The security firm estimates usage reached an astonishing spread between 4.5 million and 18.5 million downloads for these infected apps. After the results came to light, Google immediately removed the concerned apps from the Play Store. However, Check Point believes that the damage has already been done.
It remained unclear how long the Judy virus remained inside these apps, which has made it even harder to determine just how widespread the effects of these apps may be.
The total spread of the infection may have reached between 8.5 and 36.5 million users. The apps generally included simple fashion and cooking simulation games. However, the maliciousness could not be determined before as the apps downloaded the malware not from Google, but from external sources.
The Judy virus has been compared to two other similar exploits, namely FalseGuide and Skinner.
The developers of these programs usually find ways of increasing the positive ratings of their apps to lure new users. In some cases, actual users are unknowingly forced to give high ratings to the app. Check Point advises users against relying only on the Play Store securities. It is instead better to use some form of external protection such as anti-virus and anti-malware software, to protect one's devices against such malicious apps.
